
ISO 27001 · 14 domains · 114 controls

ISO 27001 certification

DialPhone maintains ISO 27001 certification for its Information Security Management System. The ISMS is audited annually by an accredited certification body, with surveillance audits in between and full recertification every 3 years.

ISO 27001 is the internationally recognized standard for information security management. Its structure differs from SOC 2: where SOC 2 attests to a set of control objectives operating effectively over a window, ISO 27001 certifies an entire Information Security Management System (ISMS), the governance program that sits above individual controls and ensures they are continuously assessed, improved, and maintained.

European procurement teams typically weight ISO 27001 more heavily than SOC 2; US procurement teams tend toward the inverse. DialPhone holds both certifications because the underlying control architecture is largely the same and maintaining both costs less than fighting procurement rounds over which standard "really" matters. The 14 Annex A control domains map closely to SOC 2 Trust Services Criteria, with extra emphasis on supplier relationships and operational planning that SOC 2 does not specifically require.

The certificate itself is public and shareable without NDA — request via [email protected]. The Statement of Applicability (which Annex A controls apply, which are excluded with rationale) and the underlying surveillance/recertification audit reports are available under NDA. Surveillance audits run annually between the 3-year recertification cycles, so the cert never goes more than 12 months without external scrutiny. For other certifications, see Trust Center; for the SOC 2 audit specifically, see SOC 2.

Annex A controls

14 control domains

ISO 27001 FAQ

What is ISO 27001?

An international standard for Information Security Management Systems (ISMS). It requires organizations to assess risk, implement controls, monitor effectiveness, and continuously improve. 114 controls are grouped into 14 domains.

When was DialPhone certified?

Initial ISO 27001 certification was in 2023. Annual surveillance audits maintain certification, with recertification every 3 years. The current certificate covers the global organization, not a single product line.

How does ISO 27001 compare to SOC 2?

Both address security management. ISO 27001 is more internationally recognized (European customers often prefer it). SOC 2 is more US-common and includes Availability/Confidentiality/Processing Integrity criteria. DialPhone holds both.

Can I see the certificate?

The certificate is public; request it via [email protected]. The underlying Statement of Applicability and audit report are shared under NDA.
